discordrat | 3bacfe46c94013a1ac4391aad3703b66c83c5f24b83988a20aa0688b75e38be5 | Triage

Sharing

General

Target

3bacfe46c94013a1ac4391aad3703b66c83c5f24b83988a20aa0688b75e38be5.exe
Size

312KB
Sample

241226-cdeehstrap
MD5

206c5e9315996b26d6522aa75affdb5c
SHA1

618ad2c12f81a1a6520b8abfcbcada10bb18f353
SHA256

3bacfe46c94013a1ac4391aad3703b66c83c5f24b83988a20aa0688b75e38be5
SHA512

d033501360cab478372d9738f0b1ea818bd4ee3de2f760623440696060e8f88e4e0775b7807ce979b77175c54fa5155d3fb23e8ddb11097ac7a4e959e98cff14
SSDEEP

6144:hIIcrXQ4S33w614mazUBHfSdocWYD24BfiDFinGTH8LR:/crNS33L10QdrX4fqinGALR

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxOTg2OTgyOTM2MDEyODA3MQ.G49tLk.gKrl1f-9DXCakQDl5EQiEC-4rrMdZtmrIPsZ_M
server_id
1319869367160275024

Targets

- Target
  
  3bacfe46c94013a1ac4391aad3703b66c83c5f24b83988a20aa0688b75e38be5.exe
- Size
  
  312KB
- MD5
  
  206c5e9315996b26d6522aa75affdb5c
- SHA1
  
  618ad2c12f81a1a6520b8abfcbcada10bb18f353
- SHA256
  
  3bacfe46c94013a1ac4391aad3703b66c83c5f24b83988a20aa0688b75e38be5
- SHA512
  
  d033501360cab478372d9738f0b1ea818bd4ee3de2f760623440696060e8f88e4e0775b7807ce979b77175c54fa5155d3fb23e8ddb11097ac7a4e959e98cff14
- SSDEEP
  
  6144:hIIcrXQ4S33w614mazUBHfSdocWYD24BfiDFinGTH8LR:/crNS33L10QdrX4fqinGALR
Score

10^/10

discordrat discovery persistence rat rootkit stealer
- Discord RAT
  A RAT written in C# using Discord as a C2.
  stealer rootkit rat persistence discordrat
- Discordrat family
  discordrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discordratdiscoverypersistenceratrootkitstealer

behavioral2

discordratdiscoverypersistenceratrootkitstealer